Virus vectors?

Yes, that's definitely a vector.

It is the usual method for establishing that the e-mail is a currently valid address, and the scammer will then be able to sell the address.

More than a little bit interesting if true... Have you ever actually heard of somebody getting a computer virus that way??

Roswell, quote my previous post so that Gunga can read it--this has nothing to do with a computer virus. It is a scam, though.

I'm using the term virus loosely here. System Tools 2011 does a pretty good impression of a major virus attack and it progressively takes over and shuts down the system, while actively preventing the installation or use of products which might get rid of it.

One of the more recent virus vectors, especially for the extortion-ware stuff like System Tools 2011, is advertising banners. I've seen several folks get burned this way.

You have to keep your flash player and java installation patched. There are also exploits for older versions of Adobe Reader. Opening a PDF file isn't automatically safe, anymore.

Even better than keeping Java, Flash, etc. patched is to either run your browser in a virtual machine, or to use Sandboxie.

PDF files, too? But, they are mostly published by trusted sites.

"System Tools 2011" and a few variants are know viruses. I've seen them myself on some of the customer systems that I maintain.

Viruses or Worms or whatever you want to call them are just bits of code which have been executed by the computer system. It's fairly common for bits of code such as this to be Emailed to people as attachments (which they then run), or Emailed to people as Links which they click on. Many web browsers are configured to download and execute code when they link to them. The code can be wrapped in many layers and take different forms, Flash, asp, etc, but the salient result is that they are executed on the target system. Once the code has been executed by a user of sufficient privilege the virus can embed itself anywhere in the system. MSWindows is particularly bad about this because the registry allows even users with normal permissions to make system level changes. Unix Systems are much more robust because they don't have a registry and because system level code is protected from normal users through permissions settings.

Does that answer your question?

This is also correct. Many many links which say "remove me from your list" are simply tools used by the scammer to collect "active" Email addresses (because if you press the "remove me" button, then you are probably a real live human being, and that's what scammers really want).

In general we tell users not to click on links that are embedded in their Emails. But the other thing you can do if you're curious (and careful) is to right-click the link and look at the target without actually opening it. Many links in Email are forged, so even though they say, "irs.gov", if you actually look at the target you will see that it goes to some type of shady multi layered marketing domain.

It's easy to generate a PDF. I can do it locally on my laptop (and frequently do so).

System Tools 2011 is a nasty one. Once it's in there it's virtually impossible to remove without booting the system onto a clean image and then running some removal tools.

I usually reboot the system onto a thumb drive and run one of the Linux tools on the system to clean it out.

Yup. Even after it's off, you have to repair the TCP/IP stack.

Thanks, several useful pieces of information here.